TERRA CLOUD Veeam Data Protection/en: Unterschied zwischen den Versionen

TERRA CLOUD Veeam Data Protection is a data backup platform from TERRA CLOUD powered by Veeam.
At the heart of this platform is the multi-tenant portal protection.terracloud.de, which grants you access to various backup products from Veeam.

What possibilities does the TERRA CLOUD Veeam Data Protection platform offer?

1. A Software-as-a-Service backup solution for Microsoft 365, fully hosted in the TERRA CLOUD (Hüllhorst location)
2. Licensing and centralized management of, for example, Veeam Backup & Replication Servers or Veeam Agents *NEW*

Setting up data backup consists of four steps in total, with steps 2-4 being repeated for each end customer.

You can have your TERRA CLOUD Veeam Data Protection Platform created with a one-time order in the TERRA CLOUD Center.
Upon completion of the deployment, you will receive a confirmation email. Your initial login credentials will be displayed in the TERRA CLOUD Technical Center.
Further setup of your customers and data backups is done in the technical administration portal protection.terracloud.de.

First Login:
You will receive a confirmation email after the deployment is complete.
You can retrieve your initial login credentials for protection.terracloud.de via the Technical Center.
Note: The user role "Reseller Admin" is required to access the login credentials.

The login is structured as follows:
(Wortmann Customer Number)\(Wortmann Customer Number-Administrator)
Example:
111490\111490-Administrator

Changing the Initial login credentials and multi-factor authentication: '
We recommend making the following adjustments to your initial administrator access (Service Provider Global Administrator) after logging in for the first time:

1. Changing the password
2. Activating and configuring multi-factor authentication
3. Verifying the stored email address ("Forgotten password" function)

Editing a user:
Option 1:
Please go to the settings using the "Configuration" gear in the upper right corner.
In the "Roles & Users" section, select the Service Provider Global Administrator using the checkbox and edit it using the pencil icon.

Option 2:
The currently logged in user can also be edited using the drop-down menu next to the username.

Adjusting the Administrator Profile:
Please assign a new password for this Service Provider Global Administrator user.
Check the email address stored in the "User Info" section; this is required for the "Forgot Password" function.
The address of the Cloud Master Account is stored by default. Change the address stored there if necessary.

We recommend enabling multi-factor authentication for all users in the Protection Portal.

Further configuration will be performed the next time you log in.
In the final step, you will receive a summary of the configured changes.

Please follow the steps below to configure email notifications:

1. Configuring the TERRA CLOUD SMTP server
Please open the portal settings using the "Configuration" gear and select the "Notifications" menu item.
Check whether an SMTP server has already been configured by TERRA CLOUD. If so, you can skip this step.
If no SMTP server has been configured, please click "Configure."
Please enter "mail.protection.terracloud.de" for the server and set the "Encryption protocol" to "None."
Since this SMTP server is located in the management infrastructure, encryption up to the SMTP server is not required.
Outgoing emails are encrypted if the receiving mail server requests it.

2. Setting up notifications
First, change the "Default sender" to "no-reply@protection.terracloud.de".
Select whether you want to be notified of every event or only receive summaries.
Enter the sender address and the desired recipient address again in the "Alarms" section.
The "Discovery Rules" and "Billing" sections are not required.

The Protection Portal offers its own monitoring function, which can be configured in the "Configuration --> Templates --> Predefined Alarms" section.

Please enter "Managed tenants quota" in the search bar and disable this alarm.
TERRA CLOUD uses the Company Quota function to manage the provisioning of end customers via the TERRA CLOUD Technical Center.
For this purpose, the quota is set to the current number of managed end customers and only increased by 1 when a new end customer is automatically provisioned.
This automation incorrectly triggers the "Managed tenants quota" alarm, which should be disabled beforehand.

Email notification when a Managed companies quota alarm is triggered.
If the alarm has not yet been disabled, the following message will be displayed in the Protection Portal and/or sent to you by email.

General:
In the Protection Portal, end-customer organizations are represented by a "Company." Your "Reseller" organization can manage any number of companies and thus end customers.
Companies can only be created automatically via the TERRA CLOUD Technical Center and not manually in the Protection Portal.
This enables the clear assignment of TERRA CLOUD Veeam Data Protection usage data to an end customer from the TERRA CLOUD Center/Technical Center.

Deploy TERRA CLOUD Veeam Data Protection for an end customer

1. Please navigate to the "Customer Management" section in the TERRA CLOUD Technical Center
2. Select the desired end customer and go to the "SERVICE SETTINGS" tab
3. Start the deployment by clicking "CREATE AND LINK END CUSTOMER" (see screenshot below)

The automated deployment performs the following steps in the background:

1. Create a company based on the end customer information from the Technical Center
2. Assign your resources for data backup (Veeam Backup for M365 Server and Repository)
3. Create a user account for the company

After successful completion, the created user account and a green check mark will be displayed.
The The displayed user access is a default of the Veeam Service Provider Console and is not required for setting up and managing data backups.
This provides insight into the data backup configuration within the company.

During the initial deployment of the TERRA CLOUD Veeam Data Protection platform, a company is automatically created for the Wortmann partner's company.
If you want to back up your own Microsoft 365 organization, you can skip the step Create and link end customers, as the company has already been created.
Please start directly with the step Setting up a Microsoft 365 data backup.

Please go to the Protection Portal to configure data backup.

The link between a created company (end customer) and a Microsoft 365 tenant can be configured in the "Veeam Backup for Microsoft 365 Plugin".
You can find this in the Plugin Library under "Configuration".

Go to the "Organizations" menu item and add a new one using "New".

First, please select the company/end customer to be linked, and then the object types to be protected ("Protected Services").
This selection determines the permissions the Entra ID application will have for data backup of the tenant.

Please leave the "Region" at the default setting "Default" and click "Next".

Please register a new Entra ID application in the tenant to be protected.
The abbreviation TCVDP in the name of the new application stands for TERRA CLOUD Veeam Data Protection in this example and facilitates identification within Entra ID.
Please note that the "export mode for SharePoint Web Parts" should only be enabled if this SharePoint feature is used.

To create the Entra ID application and grant it the necessary permissions, a Global Administrator login and approval are required.
Please copy the code and log in to Microsoft 365 using the provided link.

Confirm the login to the Microsoft Azure CLI to create and grant permissions for the Entra ID application.

After successful login and confirmation, the verification status should change to "Verified".
If not, you can generate a new code using "Refresh code" and log in again.

Finally, the status of the M365 Organization and the VSPC Company should be set to "Mapped".

To configure a backup job, select the "Backup Jobs" tab in the left-hand menu under "Management."
You can create a new backup job using "Create Job."
First, enter a name for the backup job and, optionally, a description.
We recommend choosing a name, as in our example, that reflects the content being backed up.

Please select the Microsoft 365 tenant that is already linked to be backed up.
Under Backup Mode, you configure the scope of your job's backup. The backup of the entire organization is pre-selected.

However, you can also customize the scope and define granular exclusions.
Best Practice for Exclusions:
We recommend backing up the entire organization and excluding specific objects (e.g., groups) instead of including only individual objects.
In the next step, the schedule is added. Here you can define the frequencies, days, and retry attempts.
Optionally, you can allow or disallow data backups within a backup window (e.g., during business hours).

In the final summary, you can use the "Start the job when I click finish" option to run the data backup immediately.

1. Active Entra ID Backup Application, which is already created during setup
2. Microsoft 365 credentials (affected user or global administrator)
3. TERRA CLOUD Veeam Data Protection Restore Portal Application added to the tenant

TERRA CLOUD uses a Microsoft Entra ID Enterprise Application to perform a restore in the backed-up tenant.
To enable this, the application must be added and authorized once per Microsoft 365 tenant.
You can do this directly via the TERRA CLOUD Technical Center using the "SET RESTORE PERMISSIONS" function.

Instructions:
Step 1: Log in to the TERRA CLOUD Technical Center as a "Reseller Admin."
Step 2: Navigate to the TERRA CLOUD Veeam Data Protection product in the menu under the "Products" category.
Step 3: Click the "SET RESTORE PERMISSIONS" button.
Step 4: In the newly opened tab, log in with a Global Administrator user of the tenant for which you want to configure the restore.

Step 5: Confirm the requested permissions for the "TERRA CLOUD Veeam Data Protection - Restore Portal" application by clicking "Accept." You will then be redirected to your Restore Portal.

Functional test: Please log in to the Restore Portal with a Microsoft 365 user from the tenant or the Global Administrator used above.

Step 1:
Under the "Protected Data" menu item, you can open a new tab with the "Restore Portal" link to access the Restore Portal.
Please log in with the Microsoft 365 user for whom you want to restore something.

Step 2:
Select the desired restore point from the calendar.

Step 3:
Now compile the restore set from the required files.
You can navigate through the backup and the various object types, as well as use the search function.
You can select individual files directly and restore them using the "Restore" function or add them to the restore set using "Add to Restore List."

Step 4:
Please check whether all the desired files are included in the restore list under "Items."
You can then specify the "Restore Mode" to determine whether the files should be overwritten or retained in their original location.
Click the "Finish" button to start the restore.

Prerequisite:
You can authorize one or more users as "Restore Operators" through TERRA CLOUD Support.
Please provide us with the desired tenant, e.g., contoso.onmicrosoft.com, and the desired user, e.g., admin@contoso.onmicrosoft.com.
As a "Restore Operator," you can use the "Scope" to change your identity and perform the restore for other or multiple users.
The procedure is identical to restoring as a user.

The TERRA CLOUD Technical Center provides you with an overview for each end customer and a summary of the consumption data for the selected month.
Within the table view, you can filter the values as usual using the respective function and export them as a CSV file.
The default selection "Current" shows you the license consumption for the current month. However, only the consumption reports for completed months are relevant for billing.
The consumption overview shows you the following values:

Date

• Indicates the completed and billing-relevant month selected in the "Report Month" drop-down menu.
• If nothing is selected, the current month is displayed.

End customer

• Indicates the end customer linked to the secured Microsoft 365 tenant.

Number of secured M365 users

• Sum of the new and billed M365 users.

Number of new backed-up M365 users

• Users newly added to the backup in the selected month will not be billed.
• This applies to both the initial setup of the tenant and newly added users for existing customers.

Number of billed M365 users

• Users billed in the selected month.

Below the table with the consumption values per end customer, you will also find your summarized consumption values as a partner.

A Microsoft 365 user consumes one license for TERRA CLOUD Veeam Data Protection Microsoft 365 Backup in the billing month if the following criteria are met:

1. The online services Exchange Online and/or SharePoint Online/OneDrive for Business are used and backed up by the product.
   
2. The user has been part of at least one backup within the last 31 days.

Important note:
Restoration from previously created backups is also possible without an active license.

When both criteria are met for the first time, the user is registered as "new."
If a user has not been backed up in the last 31 days, no more licenses are consumed.

The following objects can be included in the backup, but they do not consume a license.

1. Microsoft Teams objects
2. Groups and non-personal SharePoint sites
3. Shared mailboxes (unless a Microsoft 365 license has been assigned)
4. Resource mailboxes (unless a Microsoft 365 license has been assigned)
5. Public folders (unless a Microsoft 365 license has been assigned)
6. External SharePoint users
7. Microsoft Teams guest users

The retention period is 10 years and is controlled by the provided repository.
A reference to the retention period can also be found in the repository name (10Y = 10 years): "00000-M365-10Y-RETENTION".

Chats between individual users and group chats cannot be backed up.
For more information about the limitations of Veeam Backup for Microsoft 365 Teams backup, see here.

The option "Teams chats" requires the paid use of the Microsoft Teams Export APIs and secures posts in public Teams channels.

An overview of the costs can be found in this Microsoft article.
Veeam is classified as a Model B certified partner.